Heap-Based Buffer Over-read in CImg Library Affects Image Processing Applications
CVE-2018-7638

7.8 HIGH

Key Information:

Vendor: Cimg
CVE Published: 2 March 2018

What is CVE-2018-7638?

A heap-based buffer over-read vulnerability exists in CImg library version 220 when it processes specially crafted BMP images. The over-read occurs while loading 256-color BMP files, and it creates security risks for applications that rely on the library for image processing. Users and developers are urged to apply the necessary patches to guard against exploitation.
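The page does not show the faulty code, so the following added example (not CImg's code and not the project's fix) illustrates the general bug class instead: the checks an 8-bit BMP loader needs so that header fields and palette indices taken from the file cannot drive reads past the buffer. The names `bmp8_check` and `bmp8_sample` are hypothetical, and the sample image is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns 0 if the uncompressed 8-bit BMP in buf[0..len) can be decoded without
   reading outside buf or past its palette; a negative code names the failed check. */
int bmp8_check(const uint8_t *buf, size_t len) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;   /* 14 + 40 header bytes */
    uint32_t data_off = rd32(buf + 10), hdr = rd32(buf + 14);
    int32_t w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    uint32_t bpp = (uint32_t)(buf[28] | buf[29] << 8), comp = rd32(buf + 30), used = rd32(buf + 46);
    if (hdr < 40 || bpp != 8 || comp != 0) return -2;            /* not a plain 256-color BMP */
    if (w <= 0 || h == 0) return -3;
    if (used == 0) used = 256;                                   /* 0 means a full palette */
    if (used > 256) return -4;
    uint64_t pal_end = 14 + (uint64_t)hdr + 4 * (uint64_t)used;  /* 4 bytes per palette entry */
    if (pal_end > len || data_off < pal_end || data_off > len) return -5;
    uint64_t stride = ((uint64_t)w + 3) & ~(uint64_t)3;          /* rows are padded to 4 bytes */
    uint64_t rows = (uint64_t)(h < 0 ? -(int64_t)h : h);         /* negative height: top-down */
    if (stride * rows > len - data_off) return -6;               /* declared size exceeds file */
    for (uint64_t y = 0; y < rows; y++)
        for (int32_t x = 0; x < w; x++)                          /* index must hit a real entry */
            if (buf[data_off + y * stride + (uint64_t)x] >= used) return -7;
    return 0;
}

/* Constructed sample: writes a well-formed w x h 8-bit BMP with `used` palette
   entries into out (caller provides enough room) and returns its length. */
size_t bmp8_sample(uint8_t *out, uint32_t w, uint32_t h, uint32_t used, uint8_t fill) {
    size_t off = 54 + 4 * (size_t)used, stride = (w + 3) & ~(size_t)3;
    memset(out, 0, off);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 10, (uint32_t)off); wr32(out + 14, 40);
    wr32(out + 18, w); wr32(out + 22, h);
    out[28] = 8; wr32(out + 46, used);
    memset(out + off, fill, stride * h);
    return off + stride * h;
}

int main(void) {
    uint8_t b[512];
    size_t n = bmp8_sample(b, 4, 2, 16, 3);
    printf("intact: %d, truncated: %d\n", bmp8_check(b, n), bmp8_check(b, n - 1));
    return 0;
}
```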

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
